- An analysis of privacy policies for mHealth apps finds that health and fitness apps aren’t keeping up with the rest of the industry – even though some are capable of gathering “particularly intimate details of a user’s life.”
“Given that some health and fitness apps can access sensitive, physiological data collected by sensors on a mobile phone, wearable or other device, their below-average performance is both unexpected and troubling,” the report states.
“If a user must search out a developer’s website on their own, or download (and perhaps purchase) an app before discovering how and where her intimate information will be collected, used, shared and protected, it will be much more difficult for her to make an informed decision about her privacy and app use,” the study noted.
“Tracking when a user typically tries to sleep (or wake up) can reveal whether they’re a morning person, or work a night shift or are away from home,” the study noted. “It might reveal whether an individual has insomnia, or another sleep disorder. It might also be the case that apps with a more limited purpose (e.g., to play a certain sound, or maintain a certain light level) ask for unusual permissions – such as access to a phone’s contacts, photos, or network connections. Importantly, privacy policies can help explain to users why this data is collected and how it is used.”
The study offers encouragement that the mHealth app industry is moving in the right direction on data privacy and security, but there’s still work to be done. As healthcare providers look to incorporate mHealth into their practices, they and their patients will want assurance that the apps they’re using are trustworthy. And they’ll want that assurance before downloading the app.
On another note, the study touches on another issue plaguing the mHealth ecosystem: the blurry line between mHealth and health and wellness. More and more apps in the latter category are trending into healthcare uses, and collecting data that qualifies as personal health information (PHI). The developers of those apps need to take extra measures to safeguard that data.